Re: S/WAN ISAKMP/Oakley testing...

"W. Douglas Maughan" <wdm@epoch.ncsc.mil> Fri, 08 November 1996 14:11 UTC

Received: from cnri by ietf.org id aa21492; 8 Nov 96 9:11 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa10596; 8 Nov 96 9:11 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id IAA12382 for ipsec-outgoing; Fri, 8 Nov 1996 08:47:56 -0500 (EST)
Date: Thu, 07 Nov 1996 17:57:10 -0500
From: "W. Douglas Maughan" <wdm@epoch.ncsc.mil>
Message-Id: <9611072257.AA10138@dolphin.ncsc.mil>
To: isakmp-oakley@cisco.com, ipsec@tis.com, rpereira@timestep.com
Subject: Re: S/WAN ISAKMP/Oakley testing...
Sender: owner-ipsec@ex.tis.com
Precedence: list

Roy,
> 
> I'd like to talk about some of the 'magic' identifiers in ISAKMP.  I'm 
> talking about the values that aren't defined in v5 of the draft.
> 
> 
> - What transform ids are used for the ISAKMP proposal?
> - What ids are used for the ISAKMP proposal attributes "Group 
> Identifier", "Encryption Alg", "Hash Alg", and "Auth Alg" ?
> - What is the format of a SA proposal TLV ? Is the type and length 16 
> bits each ? Or are they 8 bits each ?
> - What is the ESP Proposal attribute "Cryptographic Synch" used for 
> and when?
> - How do we transform an 8-byte ISAKMP SPI to a 4-byte ESP/AH SPI ?
> - The v5 ISAKMP draft states that the "Payload Length" in the SA 
> payload is "in 4-octet units", but this is incorrect and should be in 
> 1-octet units.
> - For the Certificate Payload, there aren't any identifiers for the 
> Certificate Type and there is only one identifier for the Certificate 
> Authority.
> - What ISAKMP exchange identifiers are used for the Oakley exchange 
> modes?
> - What is the Notify message error "CONNECTED" used for?
> - What is the Notification Data?  Its contents are not defined in the 
> Internet DOI.
> 
As mentioned in an e-mail by Dan Harkins yesterday, there will be new
drafts for ISAKMP, ISAKMP-Oakley Resolution, and the IP Security DOI
early next week (i.e. Tues or Wed.). I think they will answer most, if
not all, of the above "attribute" questions.

Doug Maughan